CYBER-SECURITY: The messaging application, WhatsApp is currently experiencing a serious breach of confidentiality
Security Researcher Finds Important Privacy Fault Within New WhatsApp Share Button located under various articles and content on the web. The button in question would allow Facebook to recover personal data of users, including their IP address.
An illegal procedure since even if Facebook owns WhatsApp, it does not have the right to seize the personal data of users of the email application.
At the beginning of August, Mark Zuckerberg’s company has put in place a new sharing option, much as is found under the articles and other contents of the web. This is a button that lets you share the article or content in a WhatsApp conversation. However, before arriving in the messaging application, the information first passes through the Facebook servers that seize various data of the user.
It is only after this detour that the object of the sharing is encrypted end-to-end, as the application WhatsApp, supposed to ensure the confidentiality of messages exchanged on its platform.
The researcher at the origin of this discovery is explained
The researcher at the origin of this discovery, Nadim Kobeissi, explained on Twitter that Facebook’s “Like” buttons are known to allow Facebook to track user activity, even on other websites. ” The introduction of a new WhatsApp sharing button prompted him to take a close interest in it, which allowed him to discover that “when you click a” Share “button on WhatsApp, the link sharing does not open your WhatsApp app directly, but the WhatsApp Web API “, in other words, the Facebook servers.
Given the passage through the application’s Web API, the data is not encrypted end-to-end at first. The researcher believes that with this information, Facebook is able to “match this information to the IP address from which you connect to WhatsApp itself .”
An illegal practice
However, the crossing of WhatsApp user data with Facebook is illegal according to the European Commission. Our colleagues at 01Net.com have contacted WhatsApp for explanations. The social network would have tried to minimize the problem, claiming that the button tested by the researcher did not come from WhatsApp, but from a third company. According to the publisher, clicking a WhatsApp sharing button from a smartphone directly launches the application.
However, after verification by 01Net.com , there would still be an exchange with the Web API of WhatsApp before opening the application on mobile. When it was bought by Facebook in 2014, WhatsApp had ensured that no data from its users would be shared with the parent company. A promise that the messaging app does not seem to have fully held.
If you value the privacy of your messages and data on WhatsApp, it is best to go through another sharing solution for now.